aws sev snp resolves latest version values on GetAttestationConfig (#2810)

internal/config/aws.go

@@ -16,6 +16,8 @@ import (
 	"github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
 )
 
+var _ sevsnpMarshaller = &AWSSEVSNP{}
+
 // DefaultForAWSSEVSNP provides a valid default configuration for AWS SEV-SNP attestation.
 func DefaultForAWSSEVSNP() *AWSSEVSNP {
 	return &AWSSEVSNP{
@@ -61,6 +63,15 @@ func (c AWSSEVSNP) EqualTo(other AttestationCfg) (bool, error) {
 	return measurementsEqual && bootloaderEqual && teeEqual && snpEqual && microcodeEqual && rootKeyEqual && signingKeyEqual, nil
 }
 
+func (c *AWSSEVSNP) getToMarshallLatestWithResolvedVersions() AttestationCfg {
+	cp := *c
+	cp.BootloaderVersion.WantLatest = false
+	cp.TEEVersion.WantLatest = false
+	cp.SNPVersion.WantLatest = false
+	cp.MicrocodeVersion.WantLatest = false
+	return &cp
+}
+
 // FetchAndSetLatestVersionNumbers fetches the latest version numbers from the configapi and sets them.
 func (c *AWSSEVSNP) FetchAndSetLatestVersionNumbers(ctx context.Context, fetcher attestationconfigapi.Fetcher) error {
 	// Only talk to the API if at least one version number is set to latest.

internal/config/azure.go

@@ -17,6 +17,8 @@ import (
 	"github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
 )
 
+var _ sevsnpMarshaller = &AzureSEVSNP{}
+
 // DefaultForAzureSEVSNP returns the default configuration for Azure SEV-SNP attestation.
 // Version numbers have placeholder values and the latest available values can be fetched using [AzureSEVSNP.FetchAndSetLatestVersionNumbers].
 func DefaultForAzureSEVSNP() *AzureSEVSNP {
@@ -98,6 +100,15 @@ func (c *AzureSEVSNP) mergeWithLatestVersion(latest attestationconfigapi.SEVSNPV
 	}
 }
 
+func (c *AzureSEVSNP) getToMarshallLatestWithResolvedVersions() AttestationCfg {
+	cp := *c
+	cp.BootloaderVersion.WantLatest = false
+	cp.TEEVersion.WantLatest = false
+	cp.SNPVersion.WantLatest = false
+	cp.MicrocodeVersion.WantLatest = false
+	return &cp
+}
+
 // GetVariant returns azure-trusted-launch as the variant.
 func (AzureTrustedLaunch) GetVariant() variant.Variant {
 	return variant.AzureTrustedLaunch{}

internal/config/config.go

@@ -629,15 +629,13 @@ func (c *Config) GetProvider() cloudprovider.Provider {
 // GetAttestationConfig returns the configured attestation config.
 func (c *Config) GetAttestationConfig() AttestationCfg {
 	if c.Attestation.AWSSEVSNP != nil {
-		return c.Attestation.AWSSEVSNP
+		return c.Attestation.AWSSEVSNP.getToMarshallLatestWithResolvedVersions()
 	}
 	if c.Attestation.AWSNitroTPM != nil {
 		return c.Attestation.AWSNitroTPM
 	}
 	if c.Attestation.AzureSEVSNP != nil {
-		cp := *c.Attestation.AzureSEVSNP
+		return c.Attestation.AzureSEVSNP.getToMarshallLatestWithResolvedVersions()
-		cp.setWantLatestToFalse()
-		return &cp
 	}
 	if c.Attestation.AzureTrustedLaunch != nil {
 		return c.Attestation.AzureTrustedLaunch
@@ -1114,17 +1112,15 @@ type AzureSEVSNP struct {
 	AMDSigningKey Certificate `json:"amdSigningKey,omitempty" yaml:"amdSigningKey,omitempty" validate:"len=0"`
 }
 
-// setWantLatestToFalse sets the WantLatest field to false for all versions in order to unmarshal the numerical versions instead of the string "latest".
-func (c *AzureSEVSNP) setWantLatestToFalse() {
-	c.BootloaderVersion.WantLatest = false
-	c.TEEVersion.WantLatest = false
-	c.SNPVersion.WantLatest = false
-	c.MicrocodeVersion.WantLatest = false
-}
-
 // AzureTrustedLaunch is the configuration for Azure Trusted Launch attestation.
 type AzureTrustedLaunch struct {
 	// description: |
 	//   Expected TPM measurements.
 	Measurements measurements.M `json:"measurements" yaml:"measurements" validate:"required,no_placeholders"`
 }
+
+// sevsnpMarshaller is used to marshall "latest" versions with resolved version numbers.
+type sevsnpMarshaller interface {
+	// getToMarshallLatestWithResolvedVersions brings the attestation config into a state where marshalling uses the numerical version numbers for "latest" versions.
+	getToMarshallLatestWithResolvedVersions() AttestationCfg
+}